diff options
| author | dvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-04-29 14:39:48 +0000 |
|---|---|---|
| committer | dvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-04-29 14:39:48 +0000 |
| commit | cfa021cb17a95589df86477d219112d3cdd280e9 (patch) | |
| tree | 622e972760e11646f05bdb377f471f42a6608dcc /main/manager.c | |
| parent | 0ad875b34e788f24d688fad41c7e9b9223f65ad3 (diff) | |
Consistent SSL/TLS options across conf files
ast_tls_read_conf() is a new api call for handling SSL/TLS options across all conf files. Before this change, SSL/TLS options were not consistent. http.conf and manager.conf required the 'ssl' prefix while sip.conf used options with the 'tls' prefix. While the options had different names in different conf files, they all did the exact same thing. Now, instead of mixing 'ssl' or 'tls' prefixes to do the same thing depending on what conf file you're in, all SSL/TLS options use the 'tls' prefix. For example. 'sslenable' in http.conf and manager.conf is now 'tlsenable' which matches what already existed in sip.conf. Since this has the potential to break backwards compatibility, previous options containing the 'ssl' prefix still work, but they are no longer documented in the sample.conf files. The change is noted in the CHANGES file though.
Review: http://reviewboard.digium.com/r/237/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@191028 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main/manager.c')
| -rw-r--r-- | main/manager.c | 33 |
1 files changed, 8 insertions, 25 deletions
diff --git a/main/manager.c b/main/manager.c index a43f5518b..97d573c07 100644 --- a/main/manager.c +++ b/main/manager.c @@ -4719,9 +4719,6 @@ static int __init_manager(int reload) const char *val; char *cat = NULL; int newhttptimeout = 60; - int have_sslbindaddr = 0; - struct hostent *hp; - struct ast_hostent ahp; struct ast_manager_user *user = NULL; struct ast_variable *var; struct ast_flags config_flags = { reload ? CONFIG_FLAG_FILEUNCHANGED : 0 }; @@ -4804,27 +4801,12 @@ static int __init_manager(int reload) for (var = ast_variable_browse(cfg, "general"); var; var = var->next) { val = var->value; - if (!strcasecmp(var->name, "sslenable")) { - ami_tls_cfg.enabled = ast_true(val); - } else if (!strcasecmp(var->name, "sslbindport")) { - amis_desc.local_address.sin_port = htons(atoi(val)); - } else if (!strcasecmp(var->name, "sslbindaddr")) { - if ((hp = ast_gethostbyname(val, &ahp))) { - memcpy(&amis_desc.local_address.sin_addr, hp->h_addr, sizeof(amis_desc.local_address.sin_addr)); - have_sslbindaddr = 1; - } else { - ast_log(LOG_WARNING, "Invalid bind address '%s'\n", val); - } - } else if (!strcasecmp(var->name, "sslcert")) { - ast_free(ami_tls_cfg.certfile); - ami_tls_cfg.certfile = ast_strdup(val); - } else if (!strcasecmp(var->name, "sslprivatekey")) { - ast_free(ami_tls_cfg.pvtfile); - ami_tls_cfg.pvtfile = ast_strdup(val); - } else if (!strcasecmp(var->name, "sslcipher")) { - ast_free(ami_tls_cfg.cipher); - ami_tls_cfg.cipher = ast_strdup(val); - } else if (!strcasecmp(var->name, "enabled")) { + + if (!ast_tls_read_conf(&ami_tls_cfg, &amis_desc, var->name, val)) { + continue; + } + + if (!strcasecmp(var->name, "enabled")) { manager_enabled = ast_true(val); } else if (!strcasecmp(var->name, "block-sockets")) { block_sockets = ast_true(val); @@ -4856,7 +4838,8 @@ static int __init_manager(int reload) if (manager_enabled) { ami_desc.local_address.sin_family = AF_INET; } - if (!have_sslbindaddr) { + /* if the amis address has not been set, default is the same as non secure ami */ + if (!amis_desc.local_address.sin_addr.s_addr) { amis_desc.local_address.sin_addr = ami_desc.local_address.sin_addr; } if (ami_tls_cfg.enabled) { |